PEiD Plugins

BoB's Plugin Page (Loads of Plugins)

A page full of plugins by one of the biggest supporters of PEiD.

PackingStone v1.0 by yunsoul (30.12.2009)

Checking if a program is packed, without need of a database.
Can be very usefull when you dont trust PEiD's Entropy function.
Link to his blog here (its in korean)

CRC32 Plugin by Gelios (30.11.2003)

Write Options:
By Default plugin appends 4 bytes to the end of file.
In Overwrite mode 4 last bytes of the file will be overwritten.
Backup file: file ".old" will be created. If file exists it will be overwritten without prompt.

DEF Decrypter Plugin by _pusher_ (07.07.2004)

It simply decrypts the DEF protection.

EPScan by Mark0 (01.12.2004)

EPScan add the ability to scan a serie of executable files and detect common patterns in the firsts 128 bytes of code at program entry point. This way, the process to create a new signature for a specific type of EXEs is greatly simplified.

FSG v1.33 Unpacker Plugin by _pusher_ (03.10.2003)

This plugin unpacks FSG v1.33 only.

Generic Unpacker Plugin by snaker (13.02.2004)

The Generic Unpacker is a nifty plugin that finds the Orginal EntryPoint and Dumps it.
Works for many packers but not all.
This Plugin only works on WinXP and WinNT.

GenOEP Plugin by snaker (15.02.2004)

The name says it all, it finds the Orginal EntryPoint.
It runs the program and shows you the MessageBox with the OEP.

KANAL Plugin by snaker, {igNo} (12.03.2007)

This plugin searches for known crypto algorithms inside of the specified module.

Notes:

1. The detection is limited to crypto that's possible to identify by a specific signature (such as fixed s-boxes, permutation tables, initialization values, etc). Simple mathematical algorithms, such as RSA, cannot be detected.

2. A few of the algorithms are detected by a single DWORD - so, they are susceptible to false alarms.

3. Some crypto algorithm share a common initialization code - so if multiple crypto algorithms are present in the file, they may be "mixed up" a little. The plugin tries to filter the results somehow (to guess which algorithm it is from the "shared" code), but it may not be 100% of course.

Plugin Pack 1.4 by Maxx (11.04.2005)

pluzina1.dll

this is the Units browser plugin, which's able to show which units are used in delphi modules it can be useful e.g. for quick and easy recognition of crypto algorithms, which were "overlooked" by KANAL (if you see in units listing RC5 unit, is very probable that the module realy uses it, if it isn't an fake by programmer)

pluzina2.dll

Used to verify OEP for VBOX, "eCrap" and more..

pluzina3.dll

for quick calculation of control checksums (it's useful when you wanna find out if an module isn't harmed by some virus or some fucker), just a sufficient integrity check.

pluzina4.dll - this plugin is a disciple of Net.Conn.Locator...

read pluziny.nfo for more info...

Rebuild PE Plugin by Unknown (06.06.2004)

This plugin is based on realign.dll by yoda.
Some packed programs may not work after rebuilding.
Make sure to backup original file, use it at your own risk.

String Viewer v0.02 by dila (13.02.2005)

A woderful plugin which locates ASCII strings in your PE files.

UPXShit Decryptor Plugin by _pusher_ (24.08.2004)

UPXShit Decryptor removes UPXShit fully.

UPX Unpacker Plugin by _pusher_ (30.05.2006)

Universal UPX Unpacker almost works for evry UPX Packed file, even the modified (but not all).
- Now even for UPX 2.0

UnUPolyX Plugin by _pusher_ (06.03.2006)

Works on most UPolyX protected files.